Testimony Before the

Subcommittee on Technology and Innovation

Committee on Science and Technology
U.S. House of Representatives

Standards for Health IT: Meaningful Use and Beyond

Statement of
David Blumenthal, M.D., M.P.P.
National Coordinator,
Office of the National Coordinator for Health IT
U.S. Department of Health and Human Services

September 30, 2010

Chairman Wu, Ranking Member Smith, distinguished Subcommittee members, thank

you for the opportunity to submit testimony on behalf of the Department of Health and Human

Services (HHS) on our progress and priorities related to interoperability and the security of

electronic health records and health information technology (HIT) systems since the passage of

the Health Information Technology for Economic and Clinical Health Act (HITECH Act).

The HITECH Act represents an historic and unparalleled investment in HIT, lays the

groundwork necessary to pursue the President’s goals related to improved health care quality and

efficiency, and will help transform the way health care is both practiced and delivered. The

provisions of the HITECH Act are best understood not as investments in technology per se, but

as efforts to improve the health of Americans and the performance of their health care system.

Interoperability and privacy and security are themes that are present throughout the

HITECH Act. Consequently, many of our policy and programmatic efforts also focus on those

themes. We have made remarkable progress in the relatively short time since the HITECH Act’s

passage. Our recent accomplishments include: the establishment of two new federal advisory

committees, the HIT Policy Committee and HIT Standards Committee; the completion of the

three rulemakings necessary to establish meaningful use Stage 1 for the Medicare and Medicaid

Electronic Health Record (EHR) Incentive Programs; strengthened coordination throughout the

Executive Branch on HIT; and the responsible obligation of nearly all of the $2 billion we were

authorized under the American Recovery and Reinvestment Act of 2009 through the creation of

several programs that will have a lasting impact on the HIT landscape. As we take stock of our

successes and complete the challenges in front of us, we recognize that much work still remains

in order to reach our goals for the future.

The first half of my testimony focuses on the progress that the Office of the National

Coordinator for Health Information Technology (ONC) has made thus far related to

interoperability and privacy and security, generally, while the second half discusses the work we

are currently pursuing with respect to standards in order to support the latter stages of

meaningful use.

Building on HITECH

The HIT Policy and Standards Committees

Established by the HITECH Act, the HIT Policy and HIT Standards Committees both

contribute a great deal to our activities and regularly issue recommendations on how to best

fulfill our responsibilities and implement the ambitious agenda set forth by the HITECH Act.

Both Committees include a diverse membership, with representatives of various perspectives

from both the public and private sectors. The HIT Standards Committee, for example, combines

standards experts from the private sector with Federal government leaders from OSTP, NIST,

DoD, VA, and CMS.1

As we continue to implement the HITECH Act, we are acutely aware that it is paramount

to implement appropriate policies to keep electronic health information private and secure.

Privacy and security form the bedrock necessary to build trust. Patients and providers must feel

confident in the processes, policies, and standards in place related to HIT and the electronic

exchange of health information. Thus, to ensure that we have timely privacy and security

recommendations related to the HITECH programs for which we are responsible, the HIT Policy

Committee formed an interdisciplinary “Privacy and Security Tiger Team” of experts comprised

of members from both the HIT Policy and Standards Committees. Members from the National

Committee on Vital and Health Statistics (NCVHS) also serve on the Tiger Team to ensure the

efforts of these committees are coordinated.

1 OSTP: Office of Science and Technology Policy; NIST: National Institute of Standards and Technology; DoD: Department of Defense; VA: Department of Veterans Affairs; CMS: Centers for Medicare & Medicaid Services

Building on the work of the Tiger Team, the HIT Policy Committee has, in accordance

with its mandate in the HITECH Act, recently submitted recommendations regarding data

segmentation technologies to ONC, as well as recommendations on obtaining patient consent in

various contexts. In upcoming months, the Tiger Team in coordination with the HIT Policy

Committee will continue to prioritize and address additional privacy and security issues

including: the privacy and security requirements for participants in health information exchange

activities who are not subject to the Health Insurance Portability and Accountability Act of 1996

(HIPAA) Privacy and Security Rules; credentialing assurance levels; individual access;

transparency; security safeguards; and de-identified data.

Like its sister committee, the HIT Standards Committee plays a critical role in guiding

ONC. In August 2009, and again in March 2010, it issued recommendations to ONC on the

standards and implementation specifications that should be considered to support meaningful use

Stage 1. It has also formed workgroups which focus on clinical operations, clinical quality, and

implementation. Most recently, the HIT Standards Committee established a vocabulary task

force under the clinical operations workgroup to address vocabulary subsets and value sets as

facilitators and enablers of meaningful use. In April, 2010, the HIT Standards Committee made

recommendations to ONC based on the work of the clinical operations workgroup and taskforce.

These recommendations broadly addressed several areas related to the identification,

development, review, testing, and maintenance of vocabularies, value sets, and code sets, as well

as the establishment of an authoritative vocabulary infrastructure.

Finally, in response to their charge under Section 1561 of the Patient Protection and

Affordable Care Act, the HIT Policy and Standards Committees recently made recommendations

to ONC for the Secretary’s consideration regarding interoperable and secure standards and

protocols that facilitate enrollment of individuals in Federal and State health and human services

programs. On September 17, the Secretary adopted this first set of recommendations and they

were published on ONC’s website.2

Meaningful Use Stage 1

This past July marked the completion of the three interdependent rulemakings that were

necessary to implement “Meaningful Use Stage 1,” the first stage of the Medicare and Medicaid

EHR Incentive Programs. The first rulemaking establishes the requirements that eligible health

care providers3 will need to satisfy in order to qualify for incentive payments. The second

specifies the technical capabilities and standards that certified EHR technology will need to

include to support these health care providers. And the third creates the processes for EHR

technology to be tested and certified, thus providing confidence and assurance to eligible health

care providers that the certified EHR technology they adopt will perform as expected. These

rules, cumulatively, reflect over 2,000 public comments from stakeholders across the health care

system, and illuminate the initial pathway to achieving an integrated and electronically

connected health care system.

“Eligible health care providers” is used to mean: “eligible professionals, eligible hospitals, and critical access

In developing the policies for meaningful use Stage 1, the ONC and CMS worked

collaboratively to strike a balance that reflected both the urgency of adopting EHR technology to

improve our health care system and the challenges that adoption will pose to health care

providers. Our approach attempts to move the health system upward toward improved quality

and effectiveness in health care, but at a speed that reflects both the capacities of providers who

face a multitude of real-world challenges and the maturity of the technology itself.

In order to ensure that eligible health care providers can obtain EHR technology capable

of assisting their achievement of meaningful use Stage 1, the Secretary adopted an initial set of

standards, implementation specifications, and certification criteria for EHR technology (the

Initial Set). Much like meaningful use Stage 1, the Initial Set creates a foundation from which

we expect to continue to build in order to enhance the interoperability and security of EHR

technology. The Initial Set specifies several interoperability and security capabilities that

certified EHR technology must include in order to support meaningful use Stage 1. With respect

to interoperability, it specifies that certified EHR technology must be capable of submitting

information to public health agencies in standard formats, that specific standards must be used

for electronic prescribing, and it specifies certain standards (content exchange and vocabulary)

that must be used when patient summary records are exchanged and when patients are provided

electronic copies of their health information. With respect to privacy and security, the Initial Set

requires that certified EHR technology must be capable of automatically logging-off a user,

access control, authentication, generating audit logs, checking the integrity of information that is

electronically exchanged, and encrypting health information (according to standards specified by


To ensure proper incorporation and use of the adopted standards and implementation

specifications, EHR technology must be tested and certified according to the certification criteria

adopted by the Secretary. In that regard, we issued, at the end of June, a final rule establishing

the temporary certification program for health information technology that outlines how

organizations can become ONC-Authorized Testing and Certification Bodies (ONC-ATCBs).

Once authorized by the National Coordinator, the ONC-ATCBs will test and certify that EHR

technology is compliant with the standards, implementation specifications, and certification

criteria adopted by the Secretary. To date, three organizations have now been granted

ONC-ATCB status by the National Coordinator. We are also working on a final rule for a permanent

certification program that we expect to publish later this year and that will be fully operational in

early 2012. We expect that this program will be more rigorous than the temporary certification

program and will achieve greater incorporation of international standards and best practices

through requirements such as accreditation and surveillance. In developing our proposals for

both the temporary and permanent certification programs and, in accordance with the HITECH

Act, we consulted extensively with our colleagues from NIST. During this time, we established

an even closer working relationship with the experts at NIST and we anticipate continuing to

work with them, as the certification programs mature. NIST has been an invaluable partner in all

our efforts to implement the HITECH Act.

Strengthened Coordination

On a number of fronts, we have actively sought to strengthen coordination within the

Executive branch on complementary activities where the use of adopted standards and

implementation specifications may be appropriate. In this regard, the Federal HIT Task Force

was created to facilitate implementation of the President's HIT agenda through better

coordination among Federal agencies. As noted, under the aegis of this HIT Task Force, we are

working with the President’s Cybersecurity Coordinator, Mr. Howard Schmidt, to take full

advantage of security lessons learned from other Federal programs. We are also supporting our

colleagues at the Department of Defense and the Department of Veterans Affairs on their

implementation of the Virtual Lifetime Electronic Record (VLER) project, and continuing our

work with the Federal Health Architecture (FHA).

Additionally, ONC has maintained a close working relationship with HHS’ Office for

Civil Rights (OCR) and consulted with OCR as it developed the proposed modifications to the

HIPAA Privacy, Security, and Enforcement Rules required by the HITECH Act to strengthen the

privacy and security protections for health information and to improve the workability and

effectiveness of the HIPAA Rules. The proposed regulatory provisions would, among other

things, expand individuals’ rights to access their information and restrict certain disclosures of

protected health information to health plans; extend the applicability of certain Privacy and

Security Rules’ requirements to the business associates of covered entities; establish new

limitations on the use and disclosure of protected health information for marketing and

fundraising purposes; and prohibit the sale of protected health information without patient

authorization. This proposed rulemaking will strengthen the privacy and security of health

information, and is an integral piece of the Administration’s efforts to broaden the use of HIT in

health care today.

HITECH Programs

Through implementing the new authorities provided by the HITECH Act, we have

committed to fostering the support, collaboration, and ongoing learning that will mark our

progress toward electronically connected, information-driven medical care. Several new

programs will contribute to this progress, including:

• The State Health Information Exchange Cooperative Agreement Program – A grant

program to support States or State Designated Entities in rapidly building capacity for

exchanging health information across the health care system both within and across


• The Beacon Community Program – A grant program for communities to build and

strengthen their HIT infrastructure and exchange capabilities. These communities will

demonstrate the vision of a future where hospitals, clinicians, and patients are meaningful

users of health IT, and together the community achieves measurable improvements in

health care quality, safety, efficiency, and population health.

• The Health IT Workforce Program – A multi-pronged approach designed to support the

education of HIT professionals, including new and expanded training programs,

curriculum development, and competency testing.

• The Strategic Health IT Advanced Research Projects (SHARP) Program – A grant

program to fund research focused on achieving breakthrough advances to address

well-documented problems that have impeded adoption: 1) Security of Health Information

Technology; 2) Patient-Centered Cognitive Support; 3) Healthcare Application and

Network Platform Architectures; and, 4) Secondary Use of EHR Data.

• The Health Information Technology Extension Program – A grant program to establish

Health Information Technology Regional Extension Centers to offer technical assistance,

guidance, and information on best practices to support and accelerate health care

providers’ efforts to become meaningful users of EHRs.

Supporting Standards Needs beyond Meaningful Use Stage 1

We anticipate that future stages of meaningful use will build on the foundation we have

now established and will require progressively more rigorous electronic health information

exchange requirements. In order to develop those requirements, we have again asked the HIT

Policy Committee to make recommendations on what meaningful use Stages 2 and 3 should

encompass. The HIT Policy Committee and its Meaningful Use workgroup have received testimony

and held numerous hearings on topics such as care coordination, patient/family engagement, and

eliminating disparities in health care. This fall the Meaningful Use workgroup will be holding

additional public meetings, and will be closely monitoring implementation of meaningful use Stage 1

to inform its recommendations to the HIT Policy Committee. As before, and in response to the

meaningful use policy priorities identified by the HIT Policy Committee, we anticipate that the HIT

Standards Committee will also begin to focus on the standards, implementation specifications, and

certification criteria that will be necessary for future stages of meaningful use. We also expect the

HIT Standards Committee to issue recommendations that focus on strengthening the security

capabilities of EHR technology and on standards for electronic health information exchange in

support of meaningful use.

In order to support future stages of meaningful use as well as our other initiatives, we

determined that a comprehensive standards and interoperability framework was needed, and we are

currently in the process of establishing that framework. The “Standards and Interoperability

Framework” is intended to help us coordinate our standards development efforts, and to facilitate the

development, adoption, and use of high-quality standards and implementation specifications. We

believe by using the Standards and Interoperability Framework, we can develop and maintain a well

organized set of standards that can be reused across different use cases, and allow for greater

coordination among public and industry stakeholders.

Interoperability will be critical to our success in Stages 2 and 3 of meaningful use. In the

Initial Set, we adopted several standards for the electronic exchange of health information, but

we recognize that greater specificity is necessary to reach our goals. In that respect we will be

working on adopting additional implementation specifications; achieving agreement on

vocabularies and code sets for particular exchange purposes; and comprehensive privacy and

security capabilities for EHR technology.


The HITECH Act provides for an unprecedented amount of funding to improve the

quality and efficiency of health care through HIT, and its historic investment will undoubtedly

help transition our current antiquated, paper-dominated health care system into a

high-performing 21st century health care system. With a nationwide HIT infrastructure in place that

provides the capability of secure, interoperable health information exchange through

consensus-built standards, patients, providers, and the public will experience the true value added for

improving health care delivery. It is my privilege to testify before you today and I look forward

to answering any questions you might have.